Transformation Services Agreement - NSW Department of Education ...

More documents

Recommendations

Info

22. Privacy (a) (b) (c) (d) (e) The Contractor must comply with the obligations set out in Schedule 12 and any Laws relating to privacy. The Contractor must immediately notify DEC when the Contractor becomes aware of or receives a complaint relating to a breach of this clause 22 by the Contractor or its Personnel. [Omitted.] [Omitted.] This clause 22 will survive the termination or expiry of this agreement for a period of six years. 23. Information security 23.1 No unauthorised access The Contractor will, to the extent the System and NSW Government Property are within its possession or control, take all reasonable steps to ensure that no unauthorised party: (a) (b) is allowed physical or electronic access to the System or NSW Government Property; and prevents the Solution from being available. This includes installing and maintaining adequate security features within the System. 23.2 Safeguarding DEC Data (a) The Contractor will establish and maintain environmental, safety and facility procedures, data security procedures and other safeguards against the destruction, loss, unauthorised access or alteration of DEC Data in the possession of Contractor which are: (i) (ii) (iii) no less rigorous than those maintained by the Contractor for its own information of a similar nature; no less rigorous than accepted security standards in the industry, including those set forth in the Specifications; and adequate to meet the requirements of the DEC Policies. (b) (c) (d) Within 6 months following the Effective Date and as subsequently requested by DEC but no more frequently than once each year, the Contractor will evaluate the then-current DEC security policy and will prepare and submit for DEC review and approval recommendations with respect to changes or modifications to such policy. The Contractor may charge Time and Materials for work performed under this clause in excess of the first 4 days of work. The Contractor will maintain and enforce the then-current DEC security policy until any changes or modifications are approved by DEC for implementation. The Contractor will adhere to DEC Data policies and testing requirements in the Specifications. Legal\305532610.12 Commercial-in-confidence 27
(e) (f) The Contractor will remove all DEC Data from any media taken out of service and will destroy or securely erase such media in accordance with DEC's policy and procedures manual. In the event the Contractor discovers or is notified of a breach or potential breach of security relating to DEC Data within the Contractor's possession or control, the Contractor will immediately: (i) (ii) (iii) (iv) (v) notify DEC of such breach or potential breach; investigate (with DEC's participation if so desired by DEC, subject to the Contractor's security and confidentiality guidelines and procedures) such breach or potential breach and perform a risk assessment, root cause analysis and develop a corrective action plan; provide a written report to DEC of such risk assessment, root cause analysis and corrective action plan; remediate the effects of such breach or potential breach of security; and provide DEC with such assurances as DEC reasonably requests that such breach or potential breach will not recur. 23.3 Reconstruction procedures As part of the Services, the Contractor is responsible for developing and maintaining procedures for the reconstruction of lost DEC Data which are: (a) (b) no less rigorous than those maintained by DEC as set out in the DEC Policies; and no less rigorous than those maintained by the Contractor for its own information of a similar nature. 23.4 Corrections (a) (b) The Contractor will restore to the most recent back up level, all destroyed, lost or altered DEC Data for which the Contractor has back up responsibility, using generally accepted data restoration techniques. While the Contractor is performing infrastructure management services, the Contractor will correct to the most recent back up, at no charge to DEC, any destruction, loss or alteration of any DEC Data attributable to the failure of Contractor or Contractor Personnel to comply with Contractor's obligations under this agreement. Where the Contractor is not responsible for maintaining the back up, DEC will provide the back up to the Contractor. 23.5 Electronic Incident reporting (a) (b) The Contractor will report to DEC all known or suspected Electronic Incidents in relation to systems within its possession and control. Where an Electronic Incident actually occurs, the Contractor will as soon as reasonably possible notify DEC's Representative at the telephone number specified in DEC's policy and procedures manual, and provide the following information to DEC (to the extent known to or ascertainable by the Contractor): (i) the nature and impact of the Electronic Incident; Legal\305532610.12 Commercial-in-confidence 28
Page 1 and 2: Transformation Services Agreement D
Page 3 and 4: 22. Privacy........................
Page 5 and 6: Transformation Services Agreement d
Page 7 and 8: Contractor Supplied Assets or CSA m
Page 9 and 10: (iii) proposing or implementing a s
Page 11 and 12: (iv) (v) (vi) the service of either
Page 13 and 14: (a) (b) (c) (d) (e) (f) organisatio
Page 15 and 16: (i) (ii) (iii) the clauses of this
Page 17 and 18: F. Eliminate duplicated tasks G. Ch
Page 19 and 20: (a) (b) (c) examined the property t
Page 21 and 22: Part 3 - Financial arrangements 10.
Page 23 and 24: 13.5 Prioritisation (a) (b) Subject
Page 25 and 26: Part 5 - Information protection 20.
Page 27: 20.10 This agreement (a) (b) This a
Page 31 and 32: corrected, repaired or otherwise ad
Page 33 and 34: 24.4 Provision of tools and object
Page 35 and 36: 33. Disclosure of matters affecting
Page 37 and 38: (d) (e) (f) (g) (h) (i) (j) providi
Page 39 and 40: 39.6 Liens and charges The Contract
Page 41 and 42: the agreement and include informati
Page 43 and 44: 47.4 Counterparts This agreement ma
Page 45 and 46: 47.16 [Omitted.] 47.17 Severability
Page 47 and 48: Schedule 1 - Agreement Details 1. E
Page 49 and 50: Schedule 3 - [Omitted.] Legal\30553
Page 51 and 52: Schedule 3B - [Omitted.] Legal\3055
Page 53 and 54: Legal\305532610.12 Commercial-in-co
Page 55 and 56: Schedule 4 - Governance Model 1. Re
Page 57 and 58: (e) (f) (g) (h) (i) (j) reporting m
Page 59 and 60: 5.3 Experience of key personnel The
Page 63 and 64: 2. DEC System Components 2.1 ERP So
Page 65 and 66: (p) (q) (r) (s) (t) (u) (v) (w) (x)
Page 69 and 70: Schedule 8B - [Omitted.] Legal\3055
Page 73 and 74: ut does not include information: (d
Page 75 and 76: 9. No exclusion of law or equity Th
Page 79 and 80:
Schedule 14 - Subcontractor statuto
Page 81 and 82:
Signed as an agreement. Signed for
Page 83 and 84:
This is Annexure A to the Transform
Page 85 and 86:
Annexure A1 - [Omitted.] Legal\3055
Page 87 and 88:
Page 89 and 90:
show all

Transformation Services Agreement - NSW Department of Education ...

Create successful ePaper yourself

Delete template?

Save as template?